from the plenty-of-blame-to-go-around dept

By now, most folks have read about the fact that Uber (surprise) was responsible for the first ever pedestrian fatality caused by a self-driving car in the United States. Investigators in the case have found plenty of blame to go around, including a pedestrian who didn't cross at a crosswalk, an Uber driver who wasn't paying attention to the road (and therefore didn't take control in time), and Uber self-driving tech that pretty clearly wasn't ready for prime time compared to its competitors:

"Uber’s robotic vehicle project was not living up to expectations months before a self-driving car operated by the company struck and killed a woman in Tempe, Ariz.

The cars were having trouble driving through construction zones and next to tall vehicles, like big rigs. And Uber’s human drivers had to intervene far more frequently than the drivers of competing autonomous car projects."

"Uber Technologies Inc. disabled the standard collision-avoidance technology in the Volvo SUV that struck and killed a woman in Arizona last week, according to the auto-parts maker that supplied the vehicle’s radar and camera.

“We don’t want people to be confused or think it was a failure of the technology that we supply for Volvo, because that’s not the case,” Zach Peterson, a spokesman for Aptiv Plc, said by phone. The Volvo XC90’s standard advanced driver-assistance system “has nothing to do” with the Uber test vehicle’s autonomous driving system, he said."

Mobileye, the company that makes the collision-avoidance technology behind Aptiv's tech, was also quick to pile on, noting that if implemented correctly, their technology should have been able to detect the pedestrian in time:

"Intel Corp.’s Mobileye, which makes chips and sensors used in collision-avoidance systems and is a supplier to Aptiv, said Monday that it tested its own software after the crash by playing a video of the Uber incident on a television monitor. Mobileye said it was able to detect Herzberg one second before impact in its internal tests, despite the poor second-hand quality of the video relative to a direct connection to cameras equipped to the car."

In response to Uber's tragic self-driving face plant, Arizona this week announced that it will be suspending Uber's self-driving testing technology in the state indefinitely:

NEW: In light of the fatal Uber crash in Tempe, Governor Ducey sends this letter to Uber ordering the company to suspend its testing of autonomous vehicles in Arizona indefinitely #12Newspic.twitter.com/gO5BZB9P2e

Plenty have justly pointed out that Arizona also has plenty of culpability here, given the regulatory oversight of Uber's testing was arguably nonexistent. That said, Waymo (considered by most to be way ahead of the curve on self-driving tech) hasn't had similar problems, and there's every indication that a higher quality implementation of self-driving technology (as the various vendors above attest) may have avoided this unnecessary tragedy.

Still somehow lost in the finger pointing (including Governor Doug Ducey's "unequivocal commitment to public safety") is the fact that Arizona already had some of the highest pedestrian fatalities in the nation (of the human-caused variety). There were ten other pedestrian fatalities the same week as the Uber accident in the Phoenix area alone, and Arizona had the highest rate of pedestrian fatalities in the nation last year, clearly illustrating that Arizona has some major civil design and engineering questions of its own that need to be answered as the investigation continues.

Again, there's plenty of blame to go around here, and hopefully everybody in the chain of dysfunction learns some hard lessons from the experience. But it's still important to remember that human-piloted counterparts cause 33,000 fatalities annually, a number that should be dramatically lower when self-driving car technology is inevitably implemented (correctly).

from the everyone-error dept

In the wake of a Tempe, Arizona woman being struck and killed by an Uber autonomous vehicle, there has been a flurry of information coming out about the incident. Despite that death being one of eleven in the Phoenix area alone, and the only one involving an AV, the headlines were far closer to the "Killer Car Kills Woman" sort than they should have been. Shortly after the crash, the Tempe Police Chief went on the record suggesting that the victim had at least some culpability in the incident, having walked outside of the designated crosswalk and that the entire thing would have been difficult for either human or AI to avoid.

Strangely, now that the video from Uber's onboard cameras have been released, the Tempe police are trying to walk that back and suggest that reports of the Police Chief's comments were taken out of context. That likely is the result of the video footage showing that claims that the victim "darted out" in front of the car are completely incorrect.

Contrary to earlier reports from Tempe’s police chief that Herzberg “abruptly” darted out in front of the car, the video shows her positioned in the middle of the road lane before the crash.

Based on the exterior video clip, Herzberg comes into view—walking a bicycle across the two-lane road—at least two seconds before the collision.

Analysis from Bryan Walker Smith, a professor at the University of South Carolina that has studied autonomous vehicle technology indicates that this likely represents a failure of the AVs detection systems and that there may indeed have been enough time for the collision to be avoided, if everything had worked properly.

Walker Smith pointed out that Uber’s LIDAR and radar equipment “absolutely” should’ve detected Herzberg on the road “and classified her as something other than a stationary object.”

“If I pay close attention, I notice the victim about 2 seconds before the video stops,” he said. “This is similar to the average reaction time for a driver. That means an alert driver may have at least attempted to swerve or brake.”

The problem, of course, is that AVs are in part attractive because drivers far too often are not alert. They are texting, playing with their phones, fiddling with the radio, or looking around absently. We are human, after all, and we fail to remain attentive with stunning regularaty.

So predictable is this failure, in fact, that it shouldn't surprise you all that much that the safety operator behind the wheel of this particular Uber vehicle apparently is shown in the video to have been distracted by any number of things.

A safety operator was behind the wheel, something customary in most self-driving car tests conducted on public roads, in the event the autonomous tech fails. Prior to the crash, footage shows the driver—identified as 44-year-old Rafaela Vasquez—repeatedly glancing downward, and is seen looking away from the road right before the car strikes Herzberg.

So the machine might have failed. The human behind the wheel might have failed. The pedestrian may have been outside the crosswalk. These situations are as messy and complicated as we should all expect them to be. Even if the LIDAR system did not operate as expected, the human driver that critics of AVs want behind the wheel instead was there, and that didn't prevent the unfortunate death of this woman.

So, do we have our first pedestrian death by AV? Kinda? Maybe?

Should this one incident turn us completely off to AVs in general? Hell no.

from the human-error dept

The internet ink has barely dried on Karl's post about an Uber self-driving vehicle striking and killing a pedestrian in Arizona, and we already have an indication from the authorities that the vehicle probably isn't to blame for the fatality. Because public relations waits for nobody, Uber suspended its autonomous vehicles in the wake of the death of a woman in Tempe, but that didn't keep fairly breathless headlines being painted all across the mainstream media. The stories that accompanied those headlines were more careful to mention that an investigation is required before anyone knows what actually happened, but the buzz created by the headlines wasn't so nuanced. I actually saw this in my own office, where several people could be heard mentioning that autonomous vehicles were now done.

But that was always silly. It's an awkward thing to say, but the fact that it took this long for AVs to strike and kill a pedestrian is a triumph of technology, given just how many people we humans kill with our cars. Hell, the Phoenix area itself had 11 pedestrian deaths by car in the last week, with only one of them being this Uber car incident. And now all of that hand-wringing is set to really look silly, as the Tempe police chief is indicating that no driver, human or AI, would likely have been able to prevent this death.

The chief of the Tempe Police has told the San Francisco Chronicle that Uber is likely not responsible for the Sunday evening crash that killed 49-year-old pedestrian Elaine Herzberg.

“I suspect preliminarily it appears that the Uber would likely not be at fault in this accident," said Chief Sylvia Moir.

Herzberg was "pushing a bicycle laden with plastic shopping bags," according to the Chronicle's Carolyn Said, when she "abruptly walked from a center median into a lane of traffic."

After viewing video captured by the Uber vehicle, Moir concluded that “it’s very clear it would have been difficult to avoid this collision in any kind of mode (autonomous or human-driven) based on how she came from the shadows right into the roadway."

So, once again, this tragedy has almost nothing to do with automobile AI and everything to do with human beings being faulty, complicated creatures that make mistakes. We don't need to assign blame or fault to a woman who died to admit to ourselves that not only did the self-driving car do nothing wrong in this instance, but also that it might just be true to say that the car's AI had a far better chance of avoiding a fatality than the average human driver. The car was not speeding. It did not swerve. It did not adjust its speed prior to the collision.

This obviously isn't the conclusion of the police's investigation, but when the police chief is already making these sorts of noises early on, it's reasonable to conclude that the visual evidence of what happened is pretty clear. Sadly, all this likely means is that the major media websites of the world will have to bench their misleading headlines until the next death that may or may not be the fault of a self-driving vehicle.

from the I-can't-do-that,-Dave dept

Despite worries about the reliability and safety of self-driving vehicles, the millions of test miles driven so far have repeatedly shown self-driving cars to be significantly more safe than their human-piloted counterparts. Yet whenever accidents (or near accidents) occur, they tend to be blown completely out of proportion by those terrified of (or financially disrupted by) an automated future.

"A self-driving Uber SUV struck and killed a pedestrian in Tempe, Arizona, Sunday night, according to the Tempe police. The department is investigating the crash. A driver was behind the wheel at the time, the police said.

"The vehicle involved is one of Uber's self-driving vehicles," the Tempe police said in a statement. "It was in autonomous mode at the time of the collision, with a vehicle operator behind the wheel."

Uber, for its part, says it's working with Tempe law enforcement to understand what went wrong in this instance:

Our hearts go out to the victim’s family. We’re fully cooperating with @TempePolice and local authorities as they investigate this incident.

Bloomberg also notes that Uber has suspended its self-driving car program nationwide until it can identify what exactly went wrong. The National Transportation Safety Board is also opening an investigation into the death and is sending a small team of investigators to Tempe.

We've noted for years now how despite a lot of breathless hand-wringing, self-driving car technology (even in its beta form) has proven to be remarkably safe. Millions of AI driver miles have been logged already by Google, Volvo, Uber and others with only a few major accidents. When accidents do occur, they most frequently involve human beings getting confused when a robot-driven vehicle actually follows the law. Google has noted repeatedly that the most common accidents it sees are when drivers rear end its AI-vehicles because they actually stopped before turning right on red.

And while there's some caveats for this data (such as the fact that many of these miles are logged with drivers grabbing the wheel when needed), self-driving cars have so far proven to be far safer then even many advocates projected. We've not even gotten close to the well-hyped "trolly problem," and engineers have argued that if we do, somebody has already screwed up in the design and development process.

It's also worth reiterating that early data continues to strongly indicate that self-driving cars will be notably safer than their human-piloted counterparts, who cause 33,000 fatalities annually (usually because they were drunk or distracted by their phone). It's also worth noting that 10 pedestrians have been killed by drivers in the Phoenix area (including Tempe) in the last week alone by human drivers, and Arizona had the highest rate of pedestrian fatalities in the country last year. And it's getting worse, with 197 Arizona pedestrian deaths in 2016 compared to 224 in 2017.

We'll have to see what the investigation reveals, but hopefully the tech press will view Arizona's problem in context before writing up their inevitable hyperventilating hot takes. Ditto for lawmakers eager to justify over-regulating the emerging self-driving car industry at the behest of taxi unions or other disrupted legacy sectors. If we are going to worry about something, those calories might be better spent on shoring up the abysmal security and privacy standards in the auto industry before automating everything under the sun.

from the took-too-long-already dept

Back in December, right before the Waymo/Uber trial was supposed to begin (before it got delayed due to an unexpected bombshell about withholding evidence that... never actually came up at the trial), I had a discussion with another reporter about the case, in which we each expressed our surprise that a settlement hadn't been worked out before going to trial. It seemed as though part of the case was really about the two companies really disliking each other, rather than there being a really strong legal case.

A year ago, when the case was filed, I expressed disappointment at seeing Google filing this kind of lawsuit. My concern was mainly over the patent part of the case (which were dropped pretty early on), and the fact that Google, historically, had shied away from suing competitors over patents, tending to mostly use them defensively. But I had concerns about the "trade secrets" parts of the case as well. While there does seem to be fairly clear evidence that Anthony Levandowski -- the ex-Google employee at the heart of the discussion -- did some sketchy things in the process of leaving Google, starting Otto, and quickly selling Otto to Uber, the case still felt a lot like a backdoor attempt to hold back employee mobility.

As we've discussed for many years, a huge part of the reason for the success of Silicon Valley in dominating the innovation world has to do with the ease of employee mobility. Repeated studies have shown that the fact that employees can switch jobs easily, or start their own companies easily, is a key factor in driving innovation forward. It's the sharing and interplay of ideas that allows the entire industry to tackle big problems. Individual firms may compete around those big breakthroughs, but it's the combined knowledge, ideas, and perspective sharing that results in the big breakthroughs.

And even though that's widely known, tech companies have an unfortunate history of trying to stop employees from going to competitors. While non-competes have been ruled out in California, a few years back there was a big scandal over tech companies having illegal handshake agreements not to poach employees from one another. It was a good thing to see the companies fined for such practices.

However, the latest move is to use "trade secrets" claims as way to effectively get the same thing done. The mere threat of lawsuits can stop companies from hiring employees, and can limit an employee's ability to find a new job somewhere else. That should concern us all.

However, in this lawsuit, everything was turned a bit upside down. Part of it was that there did appear to be some outrageous behavior by Levandowski. Part of it was that, frankly, there are few companies out there disliked as much as Uber. It does seem that if it were almost any other company on the planet, many more people would have been rooting against Google as the big incumbent suing a smaller competitor. But, in this case, many many people seemed to be rooting for Google out of a general dislike of Uber itself.

My own fear was that this general idea of "Uber = bad" combined with "Levandowski doing sketchy things" could lead to a bad ruling which would then be used to limit employee mobility in much more sympathetic settings. Thankfully, that seems unlikely to happen. As Sarah Jeong (who's coverage of this case was absolutely worth following) noted, despite all the rhetoric, it wasn't at all clear that Waymo proved its case. Lots of people wanted Google/Waymo to win for emotional reasons, but the legal evidence wasn't clearly there.

And now the case is over. As the trial was set to continue Friday morning, it was announced that the two parties had reached a settlement, in which Uber basically hands over a small chunk of equity to Waymo (less than Waymo first tried to get, but still significant). As Jeong notes in another article, both sides had ample reasons to settle -- but the best reason of all to settle is so that they can focus on just competing in the market, rather than the courtroom and in not setting bad and dangerous precedent concerning employee mobility in an industry where that's vital.

from the if-it-looks-like-a-duck,-swims-like-a-duck,-and-quacks-like-a-duck,-then-it-prob dept

Uber is a company that provokes strong emotions, as numerous stories on Techdirt indicate. Uber has been involved in some pretty bad situations, including inappropriate behavior, special apps to hide from regulators, and massive leaks of customer information. Despite this, it is undeniable that millions of people around the world love the convenience and competitive pricing of its service.

Equally, traditional taxi services dislike it for the way Uber flouts transports regulations that they obey, which is fair enough, and hate it for the way Uber challenges their often lazy monopolies, which is not. This has led to some appalling violence in some countries, as well as numerous legal actions. One of those, instituted by a professional taxi drivers' association in Spain, has resulted in a case before the EU's highest court (pdf), the Court of Justice of the European Union (CJEU), which has just ruled as follows:

the Court declares that an intermediation service such as that at issue in the main proceedings, the purpose of which is to connect, by means of a smartphone application and for remuneration, non-professional drivers using their own vehicle with persons who wish to make urban journeys, must be regarded as being inherently linked to a transport service and, accordingly, must be classified as 'a service in the field of transport' within the meaning of EU law.

The CJEU's reasoning was that Uber is more than a simple intermediation service. Its smartphone app is "indispensable" for the process of agreeing to deals between the driver and the customer, and Uber exercises "decisive influence over the conditions under which the drivers provide their service." As a result, the CJEU ruled that Uber is not "an information society service", but a "service in the field of transport", and may therefore be regulated just like traditional taxi services.

In practice, this means that Uber will be able to operate in the EU, but will be unable to continue with its swashbuckling approach that has seen it ignore many traditional requirements for taxi services. That result will be important for its knock-on effect on other services offered as part of the so-called "sharing economy". In fact, these are better described as new kinds of rental services, and like Uber they have often skirted around existing laws that cover their field of operation. The CJEU ruling, which can't be appealed, is likely to mean that other companies using online technology to provide such services will also need to obey relevant EU laws.

from the holy-shit dept

So lots of people were gearing up for the Waymo/Uber trial starting next week over Uber's alleged efforts to get Waymo's (Google's self-driving car project) trade secrets. There are a whole bunch of issues around this case that are interesting -- from questions involving what really is a trade secret to where the line is between controlling former employees and allowing people to switch jobs within an industry. But... all of that has been completely tossed out the window as more and more evidence piles up that beyond those key legal issues, Uber sure did some shady, shady stuff. This morning, the latest bombshell (in a long line of bombshells) is that the judge has delayed the trialafter the Justice Department got involved, totally unprompted. No, really.

You have to piece together some of the details, because some of the key documents are heavily redacted, but let's try to unpack what appears to have happened. Earlier this year, the judge in the case, William Alsup, referred the case to federal prosecutors to also investigate whether anything criminal had happened. Normally, in such cases, federal prosecutors will spend quite a while looking into the details and no one -- including the judge who made the referral -- will hear boo from the DOJ until charges are filed (if that ever happens). Except... that's not what happened. Apparently while investigating the possible criminal behavior by Uber, the DOJ noticed that Uber had failed to hand over a key piece of evidence during discovery. Specifically, it appears to be a letter from a former Uber security analyst named Richard Jacobs, concerning efforts by Uber to access competitor trade secrets -- and to conceal that information (there is some suggestion that this involved using disappearing messaging apps).

This would have been required to be handed over during discovery, but was not. And no one would have known about it, had the acting US Attorney for the Northern District of California not decided, unprompted, to let Judge Alsup know about it -- leading Judge Alsup, just last week, to order Uber to hand it over to Waymo. You can get some of this from the heavily redacted filing made by Waymo's lawyers, in which you can hear their exasperation over just finding this out.

Also, Judge Alsup order Jacobs to appear in court and answer questions, and reports from the courtroom suggest it's been... messy. Reporters Kate Conger and Joe Mullin have been providing some fairly astounding color commentary. A few snippets from their tweets:

Q: Uber had a group dedicated to stealing trade secrets and confidential information from competitors, correct?

As computer security guru Matt Blaze points out, there are plenty of good reasons for companies to want to use secure communications -- but doing so explicitly to avoid having your conversations show up during discovery certainly doesn't look good in court.

“We're going to put trial off … because even if half of what’s in that letter is true it would be a huge injustice to Waymo to have to go to trial now,” the judge said...

Judge Alsup also noted that "the public is going to hear everything" about this evidence, so there's likely to be more coming down the road.

Once again, there are all sorts of interesting legal questions underlying this case -- but as happens all too often, it appears that some fairly blatant bad behavior is likely to obscure much of that. While it may make for more entertaining stories, it can muck up some of the legal questions. Or, as lawyers sometimes note, bad cases make bad law. This is shaping up to be a bad case with a pretty clear pattern of incredibly bad behavior by Uber (which, of course, appears to be consistent with the company's reputation). And, unfortunately, that seems likely to distract from some actually important issues that could have a much wider impact, concerning questions around trade secrets and employment.

But, no matter what, withholding evidence like this during discovery -- not to mention some of that evidence being an explanation of how the company tried to avoid discovery -- is a double layer cake of extremely sketchy behavior. It seems unlikely that this will end well for Uber.

from the not-good,-uber,-not-good dept

It's no secret that Uber's management over the years has been pretty sketchy, if not downright nefarious. At some point I may write a longer post about this, but it appears that the company culture took the idea of reasonably pushing back on bad laws (such as those that restricted competition in the taxi space) and took it to mean that it could just ignore all sorts of rules. And it appears that a company culture was created that celebrated rulebreaking in all sorts of ways -- most of which were bad. The company has a new CEO, Dara Khosrowshahi, who comes in with a strong reputation and has indicated his intent to change the culture. On Tuesday, the company admitted that it had covered up that data on 57 million users had been leaked. While the data didn't include credit card info or trip data, it did include drivers' license info for 7 million drivers, and the email addresses and phone numbers of 50 million riders.

It's bad enough that the data leaked, but covering it up is serious -- and means that the company is going to be hit with lawsuits. California (among others) has a strong data breach law, and it seems quite likely that Uber broke that law in failing to alert people that their info had been accessed. Perhaps more incredibly, the cover-up happened at the very same time that the company was negotiating with FTC officials over a previous data breach. Also, it appears that Uber paid off the hackers who were trying to extort the company to keep the data secret:

Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

Apparently, Uber paid the hackers $100,000 to keep the data from getting out.

In response to this, Khosrowshahi has put up a blog post taking responsibility for this and more or less admitting that the company had royally fucked up. He also fired two employees who were apparently responsible for covering this up (the report technically says one was "asked to resign" while the other was fired). The whole thing sounds like a complete shitshow from a company that, well, has a history of Broadway-level shitshows.

While the blog post is clearly an attempt to show that the company is trying to turn over a new leaf, the whole situation is still troubling. The blog post doesn't mention paying off the hackers -- it just says that the company "obtained assurances that the downloaded data had been destroyed." It certainly feels like the overall statement could be stronger. Here's part of it:

At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.

You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it. What I learned, particularly around our failure to notify affected individuals or regulators last year, has prompted me to take several actions:

I’ve asked Matt Olsen, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, to help me think through how best to guide and structure our security teams and processes going forward. Effective today, two of the individuals who led the response to this incident are no longer with the company.

We are individually notifying the drivers whose driver’s license numbers were downloaded.

We are providing these drivers with free credit monitoring and identity theft protection.

We are notifying regulatory authorities.

While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection.

None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.

It will be interesting to see if the company can really change its culture. I still think that the concept behind Uber is powerful and can do some fairly useful things in the world, but the way in which the company has gone about running its business has been a disgrace.

from the that's-not-a-plan dept

Big city budgets are hellaciously complicated affairs. That much is obvious, but the actual level of management of a budget likely goes far beyond what the average member of the public realizes. Even with that stipulated, the city of Chicago's budget is an absolute mess. Budget shortfalls abound for any number of reasons, ranging from bloated payrolls, to pet projects that have missed the mark on cost projections, to a shortage of income related to police and parking activity from our infamous redlight cameras and our equally infamous privatization of parking meters. Anyone looking to solve this budget crisis is likely to begin pulling their hair out immediately, wondering where to even begin.

Beale, who chairs the City Council Transportation Committee, said he hopes Emanuel will revisit the idea of higher fees and tougher regulations on the burgeoning ride share industry as part of budget talks for 2018. He said the move would help even the playing field for cab drivers finding it increasingly difficult to compete. Beale wanted a per-ride charge of $1 on ride share companies as part of Emanuel’s 2016 budget. Instead, Emanuel raised the charge from 30 cents to 52 cents per ride.

“We should have went for the dollar and we negotiated down to the 50-cent (fee),” Beale said Wednesday. “Now here we are again, going for the dollar. And so, I think we could have been much further along if we had just stuck to our guns and gone for the dollar a couple years ago.”

Chicago has been a battleground of sorts in this fight between taxis and ride-sharing services. The per-ride fee instituted in 2016 came on the heels of a city-wide protest by taxis in 2015, where cabs refused to pick up fares in the downtown area and instead just honked their horns a bunch while those of us that work down here tried to actually do our jobs. The protest was designed not so much to rally public support to their side, as the public's voting with their wallets is what got us here in the first place. Rather, it was designed simply to be a pain in the city's ass enough for city officials to write in higher per-ride fees into its licensing legal framework.

And to that extent, it worked. The fee went up by a third or so. For Beale to lament the lack of a 300% increase in fees and, more fallaciously, to frame the desire for that increase as a budget solution when it is nothing of the sort, is fairly laughable. The real reason for Beale's angst is that he is the errand boy of Chicago's taxi companies, plain and simple. This is pure entrenched player protectionism and regulatory capture in reverse, with taxi companies looking to regulate more innovative and useful companies to death, or at least into some sort of insane fairness coma.

That isn't how government is supposed to be done, but it sure is the Chicago way.

from the let's-try-this-again dept

Have you heard the story about how Uber was tracking ex-users even after they had deleted the app from their phone? You'd have to be living under a rock to have missed it. It came from a fascinating NY Times profile of Uber's CEO/founder Travis Kalanick and is the opening anecdote, and then it started spreading like wildfire across social media.

Travis Kalanick, the chief executive of Uber, visited Apple’s headquarters in early 2015 to meet with Timothy D. Cook, who runs the iPhone maker. It was a session that Mr. Kalanick was dreading.

For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple’s engineers. The reason? So Apple would not find out that Uber had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased — a fraud detection maneuver that violated Apple’s privacy guidelines.

But Apple was onto the deception, and when Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr. Cook was prepared. “So, I’ve heard you’ve been breaking some of our rules,” Mr. Cook said in his calm, Southern tone. Stop the trickery, Mr. Cook then demanded, or Uber’s app would be kicked out of Apple’s App Store.

Except, if you actually read what the NY Times said it notes that what the company was doing was an anti-fraud detection. Did it break Apple's rules and go too far? Yes, absolutely. Was it bad? Probably. Was it tracking users who deleted the app? No, not at all. Again, there are plenty of legitimate reasons to dislike Uber or to dislike its business practices or its management. But that's no excuse to oversell a story that already looks bad. Uber clearly broke the rules and used a fairly sketchy maneuver to track phones to prevent fraud -- but that's not the same as tracking users who deleted the app. Wired has a pretty clear summary of what actually happened:

Fingerprinting, in and of itself, has plenty of non-invasive uses. Uber, for example, deployed it to help prevent fraud. Being able to identify when a device reinstalls a particular app helps developers spot phones that are, say, bouncing around the black market. In Uber’s case, fingerprinting kept drivers, especially those in China, from gaming a promotion that rewarded them for maximizing ride volume. The company discovered that some drivers were buying stolen phones, creating dummy Uber accounts, and using those phones to call for rides.

When someone uninstalls an app that uses fingerprinting, it leaves behind a small piece of code that can be used as an identifier if the app is ever reinstalled on the device. For the iOS App Store, Apple originally permitted developers to keep track of their users over time using a broad Unique Device Identifier (UDID). Beginning with iOS 5, though, Apple scaled this back, because of the potential privacy implications of giving developers permission to individually ID users even after their app had been uninstalled. Instead, Apple turned to more limited mechanisms, like advertising IDs and vendor IDs. These still give developers the ability to do fraud defense, but with less leeway for potential privacy abuse.

Uber took it one step further, which is to say, one step too far, using application program interfaces designed to access data like an iPhone’s device registry and Apple-assigned serial number.

Again: this is not excusing what Uber did. It clearly broke Apple's rules, and using this kind of fingerprinting can have some problematic consequences for privacy. And, yes, because everything Uber does seems to come included with some secondary component that makes even reasonable actions look bad, the company geofenced Apple's headquarters to try to try to hide the fact that it was doing this. That seems like a pretty blatant admission that the company knew it was breaking Apple's rules. It just doesn't mean that the company was tracking you after you deleted its app.

I certainly understand that there's a long list of actions by Uber that make people not trust the company. And that's completely valid. But if you're going to attack the company, it should be for the bad actions that the company actually did, rather than the exaggerated and misleading descriptions that start spreading across social media.